One of my web sites runs on IIS 4 with NT 4 and NT service pack 6a. The site consists of asp pages with an asa page which sets sessions to the SQL 7 server for database queries. SQL 7 is running on another box and not on the Web server. I am currently experiencing a situation where several persons are using the following command to expose the username and password that is used by the asa page to create a session to the SQL server:
“HTTP://WWW.Websitename/GLOBAL.ASA%20+.HTR”
Which securitypatch for IIS should be applied here – or is there a service pack available for IIS that could be used here?
Appreciate any help here. Thank you
